static int dump_gateways(
sd_netlink *rtnl,
sd_hwdb *hwdb,
const char *prefix,
int ifindex) {
_cleanup_free_ struct local_address *local = NULL;
int r, n, i;
n = local_gateways(rtnl, ifindex, AF_UNSPEC, &local);
if (n < 0)
return n;
for (i = 0; i < n; i++) {
_cleanup_free_ char *gateway = NULL, *description = NULL;
r = in_addr_to_string(local[i].family, &local[i].address, &gateway);
if (r < 0)
return r;
r = get_gateway_description(rtnl, hwdb, local[i].ifindex, local[i].family, &local[i].address, &description);
if (r < 0)
log_debug_errno(r, "Could not get description of gateway: %m");
printf("%*s%s",
(int) strlen(prefix),
i == 0 ? prefix : "",
gateway);
if (description)
printf(" (%s)", description);
/* Show interface name for the entry if we show
* entries for all interfaces */
if (ifindex <= 0) {
char name[IF_NAMESIZE+1];
if (if_indextoname(local[i].ifindex, name)) {
fputs(" on ", stdout);
fputs(name, stdout);
} else
printf(" on %%%i", local[i].ifindex);
}
fputc('\n', stdout);
}
return 0;
}
void bus_job_send_change_signal(Job *j) {
int r;
assert(j);
if (j->in_dbus_queue) {
LIST_REMOVE(dbus_queue, j->manager->dbus_job_queue, j);
j->in_dbus_queue = false;
}
r = bus_foreach_bus(j->manager, j->clients, j->sent_dbus_new_signal ? send_changed_signal : send_new_signal, j);
if (r < 0)
log_debug_errno(r, "Failed to send job change signal for %u: %m", j->id);
j->sent_dbus_new_signal = true;
}
static int write_mode(char **modes) {
int r = 0;
char **mode;
STRV_FOREACH(mode, modes) {
int k;
k = write_string_file("/sys/power/disk", *mode, 0);
if (k == 0)
return 0;
log_debug_errno(k, "Failed to write '%s' to /sys/power/disk: %m",
*mode);
if (r == 0)
r = k;
}
static int kbdctx_setup_bus(kbdctx *kc) {
int r;
r = sd_bus_add_match(kc->context->sysbus,
&kc->slot_locale_props_changed,
"type='signal',"
"sender='org.freedesktop.locale1',"
"interface='org.freedesktop.DBus.Properties',"
"member='PropertiesChanged',"
"path='/org/freedesktop/locale1'",
kbdctx_locale_props_changed_fn,
kc);
if (r < 0)
return log_debug_errno(r, "idev-keyboard: cannot setup locale1 link: %m");
return kbdctx_query_locale(kc);
}
int get_keymaps(char ***ret) {
_cleanup_strv_free_ char **l = NULL;
const char *dir;
int r;
keymaps = set_new(&string_hash_ops);
if (!keymaps)
return -ENOMEM;
NULSTR_FOREACH(dir, KBD_KEYMAP_DIRS) {
r = nftw(dir, nftw_cb, 20, FTW_PHYS|FTW_ACTIONRETVAL);
if (r == FTW_STOP)
log_debug("Directory not found %s", dir);
else if (r < 0)
log_debug_errno(r, "Can't add keymap: %m");
}
static bool promote_secondaries_enabled(const char *ifname) {
_cleanup_free_ char *promote_secondaries_sysctl = NULL;
char *promote_secondaries_path;
int r;
promote_secondaries_path = strjoina("net/ipv4/conf/", ifname, "/promote_secondaries");
r = sysctl_read(promote_secondaries_path, &promote_secondaries_sysctl);
if (r < 0) {
log_debug_errno(r, "Cannot read sysctl %s", promote_secondaries_path);
return false;
}
truncate_nl(promote_secondaries_sysctl);
r = parse_boolean(promote_secondaries_sysctl);
if (r < 0)
log_warning_errno(r, "Cannot parse sysctl %s with content %s as boolean", promote_secondaries_path, promote_secondaries_sysctl);
return r > 0;
}
int writer_write(Writer *w,
struct iovec_wrapper *iovw,
dual_timestamp *ts,
bool compress,
bool seal) {
int r;
assert(w);
assert(iovw);
assert(iovw->count > 0);
if (journal_file_rotate_suggested(w->journal, 0)) {
log_info("%s: Journal header limits reached or header out-of-date, rotating",
w->journal->path);
r = do_rotate(&w->journal, compress, seal);
if (r < 0)
return r;
}
r = journal_file_append_entry(w->journal, ts, iovw->iovec, iovw->count,
&w->seqnum, NULL, NULL);
if (r >= 0) {
if (w->server)
w->server->event_count += 1;
return 1;
}
log_debug_errno(r, "%s: Write failed, rotating: %m", w->journal->path);
r = do_rotate(&w->journal, compress, seal);
if (r < 0)
return r;
else
log_debug("%s: Successfully rotated journal", w->journal->path);
log_debug("Retrying write.");
r = journal_file_append_entry(w->journal, ts, iovw->iovec, iovw->count,
&w->seqnum, NULL, NULL);
if (r < 0)
return r;
if (w->server)
w->server->event_count += 1;
return 1;
}
void server_forward_wall(
Server *s,
int priority,
const char *identifier,
const char *message,
const struct ucred *ucred) {
_cleanup_free_ char *ident_buf = NULL, *l_buf = NULL;
const char *l;
int r;
assert(s);
assert(message);
if (LOG_PRI(priority) > s->max_level_wall)
return;
if (ucred) {
if (!identifier) {
get_process_comm(ucred->pid, &ident_buf);
identifier = ident_buf;
}
if (asprintf(&l_buf, "%s["PID_FMT"]: %s", strempty(identifier), ucred->pid, message) < 0) {
log_oom();
return;
}
l = l_buf;
} else if (identifier) {
l = l_buf = strjoin(identifier, ": ", message, NULL);
if (!l_buf) {
log_oom();
return;
}
} else
l = message;
r = utmp_wall(l, "systemd-journald", NULL, NULL, NULL);
if (r < 0)
log_debug_errno(r, "Failed to send wall message: %m");
}
static void test_mnt_id(void) {
_cleanup_fclose_ FILE *f = NULL;
Hashmap *h;
Iterator i;
char *p;
void *k;
int r;
assert_se(f = fopen("/proc/self/mountinfo", "re"));
assert_se(h = hashmap_new(&trivial_hash_ops));
for (;;) {
_cleanup_free_ char *line = NULL, *path = NULL;
int mnt_id;
r = read_line(f, LONG_LINE_MAX, &line);
if (r == 0)
break;
assert_se(r > 0);
assert_se(sscanf(line, "%i %*s %*s %*s %ms", &mnt_id, &path) == 2);
assert_se(hashmap_put(h, INT_TO_PTR(mnt_id), path) >= 0);
path = NULL;
}
HASHMAP_FOREACH_KEY(p, k, h, i) {
int mnt_id = PTR_TO_INT(k), mnt_id2;
r = path_get_mnt_id(p, &mnt_id2);
if (r < 0) {
log_debug_errno(r, "Failed to get the mnt id of %s: %m\n", p);
continue;
}
log_debug("mnt id of %s is %i\n", p, mnt_id2);
if (mnt_id == mnt_id2)
continue;
/* The ids don't match? If so, then there are two mounts on the same path, let's check if that's really
* the case */
assert_se(path_equal_ptr(hashmap_get(h, INT_TO_PTR(mnt_id2)), p));
}
void bus_track_dispatch(sd_bus_track *track) {
int r;
assert(track);
assert(track->in_queue);
assert(track->handler);
bus_track_remove_from_queue(track);
sd_bus_track_ref(track);
r = track->handler(track, track->userdata);
if (r < 0)
log_debug_errno(r, "Failed to process track handler: %m");
else if (r == 0)
bus_track_add_to_queue(track);
sd_bus_track_unref(track);
}
static void exec_list(struct udev_enumerate *udev_enumerate, const char *action) {
struct udev_list_entry *entry;
udev_list_entry_foreach(entry, udev_enumerate_get_list_entry(udev_enumerate)) {
char filename[UTIL_PATH_SIZE];
int fd;
if (verbose)
printf("%s\n", udev_list_entry_get_name(entry));
if (dry_run)
continue;
strscpyl(filename, sizeof(filename), udev_list_entry_get_name(entry), "/uevent", NULL);
fd = open(filename, O_WRONLY|O_CLOEXEC);
if (fd < 0)
continue;
if (write(fd, action, strlen(action)) < 0)
log_debug_errno(errno, "error writing '%s' to '%s': %m", action, filename);
close(fd);
}
static int kbdctx_refresh_compose_table(kbdctx *kc, const char *lang) {
kbdtbl *kt;
idev_session *s;
idev_device *d;
Iterator i, j;
int r;
if (!lang)
lang = "C";
if (streq_ptr(kc->locale_lang, lang))
return 0;
r = free_and_strdup(&kc->locale_lang, lang);
if (r < 0)
return r;
log_debug("idev-keyboard: new default compose table: [ %s ]", lang);
r = kbdtbl_new_from_locale(&kt, kc, lang);
if (r < 0) {
/* TODO: We need to catch the case where no compose-file is
* available. xkb doesn't tell us so far.. so we must not treat
* it as a hard-failure but just continue. Preferably, we want
* xkb to tell us exactly whether compilation failed or whether
* there is no compose file available for this locale. */
log_debug_errno(r, "idev-keyboard: cannot load compose-table for '%s': %m",
lang);
r = 0;
kt = NULL;
}
kbdtbl_unref(kc->kbdtbl);
kc->kbdtbl = kt;
HASHMAP_FOREACH(s, kc->context->session_map, i)
HASHMAP_FOREACH(d, s->device_map, j)
if (idev_is_keyboard(d))
keyboard_update_kbdtbl(keyboard_from_device(d));
return 0;
}
static int kbdctx_refresh_keymap(kbdctx *kc) {
idev_session *s;
idev_device *d;
Iterator i, j;
kbdmap *km;
int r;
if (kc->kbdmap &&
streq_ptr(kc->locale_x11_model, kc->last_x11_model) &&
streq_ptr(kc->locale_x11_layout, kc->last_x11_layout) &&
streq_ptr(kc->locale_x11_variant, kc->last_x11_variant) &&
streq_ptr(kc->locale_x11_options, kc->last_x11_options))
return 0 ;
move_str(&kc->last_x11_model, &kc->locale_x11_model);
move_str(&kc->last_x11_layout, &kc->locale_x11_layout);
move_str(&kc->last_x11_variant, &kc->locale_x11_variant);
move_str(&kc->last_x11_options, &kc->locale_x11_options);
log_debug("idev-keyboard: new default keymap: [%s / %s / %s / %s]",
kc->last_x11_model, kc->last_x11_layout, kc->last_x11_variant, kc->last_x11_options);
/* TODO: add a fallback keymap that's compiled-in */
r = kbdmap_new_from_names(&km, kc, kc->last_x11_model, kc->last_x11_layout,
kc->last_x11_variant, kc->last_x11_options);
if (r < 0)
return log_debug_errno(r, "idev-keyboard: cannot create keymap from locale1: %m");
kbdmap_unref(kc->kbdmap);
kc->kbdmap = km;
HASHMAP_FOREACH(s, kc->context->session_map, i)
HASHMAP_FOREACH(d, s->device_map, j)
if (idev_is_keyboard(d))
keyboard_update_kbdmap(keyboard_from_device(d));
return 0;
}
_public_ int sd_hwdb_new(sd_hwdb **ret) {
_cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
const char *hwdb_bin_path;
const char sig[] = HWDB_SIG;
assert_return(ret, -EINVAL);
hwdb = new0(sd_hwdb, 1);
if (!hwdb)
return -ENOMEM;
hwdb->n_ref = REFCNT_INIT;
/* find hwdb.bin in hwdb_bin_paths */
NULSTR_FOREACH(hwdb_bin_path, hwdb_bin_paths) {
hwdb->f = fopen(hwdb_bin_path, "re");
if (hwdb->f)
break;
else if (errno == ENOENT)
continue;
else
return log_debug_errno(errno, "Failed to open %s: %m", hwdb_bin_path);
}
static int condition_test_control_group_controller(Condition *c) {
int r;
CGroupMask system_mask, wanted_mask = 0;
assert(c);
assert(c->parameter);
assert(c->type == CONDITION_CONTROL_GROUP_CONTROLLER);
r = cg_mask_supported(&system_mask);
if (r < 0)
return log_debug_errno(r, "Failed to determine supported controllers: %m");
r = cg_mask_from_string(c->parameter, &wanted_mask);
if (r < 0 || wanted_mask <= 0) {
/* This won't catch the case that we have an unknown controller
* mixed in with valid ones -- these are only assessed on the
* validity of the valid controllers found. */
log_debug("Failed to parse cgroup string: %s", c->parameter);
return 1;
}
return FLAGS_SET(system_mask, wanted_mask);
}
static int conf_files_list_strv_internal(char ***strv, const char *suffix, const char *root, char **dirs) {
_cleanup_hashmap_free_ Hashmap *fh = NULL;
char **files, **p;
int r;
assert(strv);
assert(suffix);
/* This alters the dirs string array */
if (!path_strv_resolve_uniq(dirs, root))
return -ENOMEM;
fh = hashmap_new(&string_hash_ops);
if (!fh)
return -ENOMEM;
STRV_FOREACH(p, dirs) {
r = files_add(fh, root, *p, suffix);
if (r == -ENOMEM)
return r;
if (r < 0)
log_debug_errno(r, "Failed to search for files in %s, ignoring: %m", *p);
}
int config_parse_dnssd_service_name(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata) {
static const Specifier specifier_table[] = {
{ 'b', specifier_boot_id, NULL },
{ 'H', specifier_host_name, NULL },
{ 'm', specifier_machine_id, NULL },
{ 'v', specifier_kernel_release, NULL },
{}
};
DnssdService *s = userdata;
_cleanup_free_ char *name = NULL;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(s);
if (isempty(rvalue)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Service instance name can't be empty. Ignoring.");
return -EINVAL;
}
r = free_and_strdup(&s->name_template, rvalue);
if (r < 0)
return log_oom();
r = specifier_printf(s->name_template, specifier_table, NULL, &name);
if (r < 0)
return log_debug_errno(r, "Failed to replace specifiers: %m");
if (!dns_service_name_is_valid(name)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Service instance name template renders to invalid name '%s'. Ignoring.", name);
return -EINVAL;
}
return 0;
}
static int tar_pull_make_local_copy(TarPull *i) {
int r;
assert(i);
assert(i->tar_job);
if (!i->local)
return 0;
r = pull_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
if (r < 0)
return r;
if (i->settings) {
const char *local_settings;
assert(i->settings_job);
r = tar_pull_determine_path(i, ".nspawn", &i->settings_path);
if (r < 0)
return r;
local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
r = copy_file_atomic(i->settings_path, local_settings, 0664, 0, COPY_REFLINK | (i->force_local ? COPY_REPLACE : 0));
if (r == -EEXIST)
log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
else if (r == -ENOENT)
log_debug_errno(r, "Skipping creation of settings file, since none was found.");
else if (r < 0)
log_warning_errno(r, "Failed to copy settings files %s, ignoring: %m", local_settings);
else
log_info("Created new settings file %s.", local_settings);
}
return 0;
}
static int node_permissions_apply(struct udev_device *dev, bool apply,
mode_t mode, uid_t uid, gid_t gid,
struct udev_list *seclabel_list) {
const char *devnode = udev_device_get_devnode(dev);
dev_t devnum = udev_device_get_devnum(dev);
struct stat stats;
struct udev_list_entry *entry;
int err = 0;
if (streq(udev_device_get_subsystem(dev), "block"))
mode |= S_IFBLK;
else
mode |= S_IFCHR;
if (lstat(devnode, &stats) != 0) {
err = -errno;
log_debug_errno(errno, "can not stat() node '%s' (%m)", devnode);
goto out;
}
if (((stats.st_mode & S_IFMT) != (mode & S_IFMT)) || (stats.st_rdev != devnum)) {
err = -EEXIST;
log_debug("found node '%s' with non-matching devnum %s, skip handling",
udev_device_get_devnode(dev), udev_device_get_id_filename(dev));
goto out;
}
if (apply) {
bool selinux = false;
bool smack = false;
if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
log_debug("set permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
err = chmod(devnode, mode);
if (err < 0)
log_warning_errno(errno, "setting mode of %s to %#o failed: %m", devnode, mode);
err = chown(devnode, uid, gid);
if (err < 0)
log_warning_errno(errno, "setting owner of %s to uid=%u, gid=%u failed: %m", devnode, uid, gid);
} else {
log_debug("preserve permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
}
/* apply SECLABEL{$module}=$label */
udev_list_entry_foreach(entry, udev_list_get_entry(seclabel_list)) {
const char *name, *label;
int r;
name = udev_list_entry_get_name(entry);
label = udev_list_entry_get_value(entry);
if (streq(name, "selinux")) {
selinux = true;
r = mac_selinux_apply(devnode, label);
if (r < 0)
log_error_errno(r, "SECLABEL: failed to set SELinux label '%s': %m", label);
else
log_debug("SECLABEL: set SELinux label '%s'", label);
} else if (streq(name, "smack")) {
smack = true;
r = mac_smack_apply(devnode, label);
if (r < 0)
log_error_errno(r, "SECLABEL: failed to set SMACK label '%s': %m", label);
else
log_debug("SECLABEL: set SMACK label '%s'", label);
} else
log_error("SECLABEL: unknown subsystem, ignoring '%s'='%s'", name, label);
}
/* set the defaults */
if (!selinux)
mac_selinux_fix(devnode, true, false);
if (!smack)
mac_smack_apply(devnode, NULL);
}
/* always update timestamp when we re-use the node, like on media change events */
utimensat(AT_FDCWD, devnode, NULL, 0);
out:
return err;
}
int journal_directory_vacuum(
const char *directory,
uint64_t max_use,
uint64_t n_max_files,
usec_t max_retention_usec,
usec_t *oldest_usec,
bool verbose) {
_cleanup_closedir_ DIR *d = NULL;
struct vacuum_info *list = NULL;
unsigned n_list = 0, i, n_active_files = 0;
size_t n_allocated = 0;
uint64_t sum = 0, freed = 0;
usec_t retention_limit = 0;
char sbytes[FORMAT_BYTES_MAX];
struct dirent *de;
int r;
assert(directory);
if (max_use <= 0 && max_retention_usec <= 0 && n_max_files <= 0)
return 0;
if (max_retention_usec > 0) {
retention_limit = now(CLOCK_REALTIME);
if (retention_limit > max_retention_usec)
retention_limit -= max_retention_usec;
else
max_retention_usec = retention_limit = 0;
}
d = opendir(directory);
if (!d)
return -errno;
FOREACH_DIRENT_ALL(de, d, r = -errno; goto finish) {
unsigned long long seqnum = 0, realtime;
_cleanup_free_ char *p = NULL;
sd_id128_t seqnum_id;
bool have_seqnum;
uint64_t size;
struct stat st;
size_t q;
if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
log_debug_errno(errno, "Failed to stat file %s while vacuuming, ignoring: %m", de->d_name);
continue;
}
if (!S_ISREG(st.st_mode))
continue;
q = strlen(de->d_name);
if (endswith(de->d_name, ".journal")) {
/* Vacuum archived files. Active files are
* left around */
if (q < 1 + 32 + 1 + 16 + 1 + 16 + 8) {
n_active_files++;
continue;
}
if (de->d_name[q-8-16-1] != '-' ||
de->d_name[q-8-16-1-16-1] != '-' ||
de->d_name[q-8-16-1-16-1-32-1] != '@') {
n_active_files++;
continue;
}
p = strdup(de->d_name);
if (!p) {
r = -ENOMEM;
goto finish;
}
de->d_name[q-8-16-1-16-1] = 0;
if (sd_id128_from_string(de->d_name + q-8-16-1-16-1-32, &seqnum_id) < 0) {
n_active_files++;
continue;
}
if (sscanf(de->d_name + q-8-16-1-16, "%16llx-%16llx.journal", &seqnum, &realtime) != 2) {
n_active_files++;
continue;
}
have_seqnum = true;
} else if (endswith(de->d_name, ".journal~")) {
unsigned long long tmp;
/* Vacuum corrupted files */
if (q < 1 + 16 + 1 + 16 + 8 + 1) {
n_active_files ++;
continue;
}
if (de->d_name[q-1-8-16-1] != '-' ||
de->d_name[q-1-8-16-1-16-1] != '@') {
n_active_files ++;
continue;
}
p = strdup(de->d_name);
if (!p) {
r = -ENOMEM;
goto finish;
}
if (sscanf(de->d_name + q-1-8-16-1-16, "%16llx-%16llx.journal~", &realtime, &tmp) != 2) {
n_active_files ++;
continue;
}
have_seqnum = false;
} else {
/* We do not vacuum unknown files! */
log_debug("Not vacuuming unknown file %s.", de->d_name);
continue;
}
size = 512UL * (uint64_t) st.st_blocks;
r = journal_file_empty(dirfd(d), p);
if (r < 0) {
log_debug_errno(r, "Failed check if %s is empty, ignoring: %m", p);
continue;
}
if (r > 0) {
/* Always vacuum empty non-online files. */
if (unlinkat(dirfd(d), p, 0) >= 0) {
log_full(verbose ? LOG_INFO : LOG_DEBUG,
"Deleted empty archived journal %s/%s (%s).", directory, p, format_bytes(sbytes, sizeof(sbytes), size));
freed += size;
} else if (errno != ENOENT)
log_warning_errno(errno, "Failed to delete empty archived journal %s/%s: %m", directory, p);
continue;
}
patch_realtime(dirfd(d), p, &st, &realtime);
if (!GREEDY_REALLOC(list, n_allocated, n_list + 1)) {
r = -ENOMEM;
goto finish;
}
list[n_list].filename = p;
list[n_list].usage = size;
list[n_list].seqnum = seqnum;
list[n_list].realtime = realtime;
list[n_list].seqnum_id = seqnum_id;
list[n_list].have_seqnum = have_seqnum;
n_list ++;
p = NULL;
sum += size;
}
qsort_safe(list, n_list, sizeof(struct vacuum_info), vacuum_compare);
for (i = 0; i < n_list; i++) {
unsigned left;
left = n_active_files + n_list - i;
if ((max_retention_usec <= 0 || list[i].realtime >= retention_limit) &&
(max_use <= 0 || sum <= max_use) &&
(n_max_files <= 0 || left <= n_max_files))
break;
if (unlinkat(dirfd(d), list[i].filename, 0) >= 0) {
log_full(verbose ? LOG_INFO : LOG_DEBUG, "Deleted archived journal %s/%s (%s).", directory, list[i].filename, format_bytes(sbytes, sizeof(sbytes), list[i].usage));
freed += list[i].usage;
if (list[i].usage < sum)
sum -= list[i].usage;
else
sum = 0;
} else if (errno != ENOENT)
log_warning_errno(errno, "Failed to delete archived journal %s/%s: %m", directory, list[i].filename);
}
if (oldest_usec && i < n_list && (*oldest_usec == 0 || list[i].realtime < *oldest_usec))
*oldest_usec = list[i].realtime;
r = 0;
finish:
for (i = 0; i < n_list; i++)
free(list[i].filename);
free(list);
log_full(verbose ? LOG_INFO : LOG_DEBUG, "Vacuuming done, freed %s of archived journals on disk.", format_bytes(sbytes, sizeof(sbytes), freed));
return r;
}
static int append_machine_properties(
sd_bus_message *m,
CustomMount *mounts,
unsigned n_mounts,
int kill_signal,
char **properties) {
unsigned j;
int r;
assert(m);
r = sd_bus_message_append(m, "(sv)", "DevicePolicy", "s", "closed");
if (r < 0)
return bus_log_create_error(r);
/* If you make changes here, also make sure to update [email protected], to keep the device policies in
* sync regardless if we are run with or without the --keep-unit switch. */
r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 2,
/* Allow the container to
* access and create the API
* device nodes, so that
* PrivateDevices= in the
* container can work
* fine */
"/dev/net/tun", "rwm",
/* Allow the container
* access to ptys. However,
* do not permit the
* container to ever create
* these device nodes. */
"char-pts", "rw");
if (r < 0)
return bus_log_create_error(r);
for (j = 0; j < n_mounts; j++) {
CustomMount *cm = mounts + j;
if (cm->type != CUSTOM_MOUNT_BIND)
continue;
r = is_device_node(cm->source);
if (r == -ENOENT) {
/* The bind source might only appear as the image is put together, hence don't complain */
log_debug_errno(r, "Bind mount source %s not found, ignoring: %m", cm->source);
continue;
}
if (r < 0)
return log_error_errno(r, "Failed to stat %s: %m", cm->source);
if (r) {
r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1,
cm->source, cm->read_only ? "r" : "rw");
if (r < 0)
return log_error_errno(r, "Failed to append message arguments: %m");
}
}
if (kill_signal != 0) {
r = sd_bus_message_append(m, "(sv)", "KillSignal", "i", kill_signal);
if (r < 0)
return bus_log_create_error(r);
r = sd_bus_message_append(m, "(sv)", "KillMode", "s", "mixed");
if (r < 0)
return bus_log_create_error(r);
}
return 0;
}
int udev_parse_config_full(
unsigned *ret_children_max,
usec_t *ret_exec_delay_usec,
usec_t *ret_event_timeout_usec,
ResolveNameTiming *ret_resolve_name_timing) {
_cleanup_free_ char *log_val = NULL, *children_max = NULL, *exec_delay = NULL, *event_timeout = NULL, *resolve_names = NULL;
int r;
r = parse_env_file(NULL, "/etc/udev/udev.conf",
"udev_log", &log_val,
"children_max", &children_max,
"exec_delay", &exec_delay,
"event_timeout", &event_timeout,
"resolve_names", &resolve_names);
if (r == -ENOENT)
return 0;
if (r < 0)
return r;
if (log_val) {
const char *log;
size_t n;
/* unquote */
n = strlen(log_val);
if (n >= 2 &&
((log_val[0] == '"' && log_val[n-1] == '"') ||
(log_val[0] == '\'' && log_val[n-1] == '\''))) {
log_val[n - 1] = '\0';
log = log_val + 1;
} else
log = log_val;
/* we set the udev log level here explicitly, this is supposed
* to regulate the code in libudev/ and udev/. */
r = log_set_max_level_from_string_realm(LOG_REALM_UDEV, log);
if (r < 0)
log_debug_errno(r, "/etc/udev/udev.conf: failed to set udev log level '%s', ignoring: %m", log);
}
if (ret_children_max && children_max) {
r = safe_atou(children_max, ret_children_max);
if (r < 0)
log_notice_errno(r, "/etc/udev/udev.conf: failed to set parse children_max=%s, ignoring: %m", children_max);
}
if (ret_exec_delay_usec && exec_delay) {
r = parse_sec(exec_delay, ret_exec_delay_usec);
if (r < 0)
log_notice_errno(r, "/etc/udev/udev.conf: failed to set parse exec_delay=%s, ignoring: %m", exec_delay);
}
if (ret_event_timeout_usec && event_timeout) {
r = parse_sec(event_timeout, ret_event_timeout_usec);
if (r < 0)
log_notice_errno(r, "/etc/udev/udev.conf: failed to set parse event_timeout=%s, ignoring: %m", event_timeout);
}
if (ret_resolve_name_timing && resolve_names) {
ResolveNameTiming t;
t = resolve_name_timing_from_string(resolve_names);
if (t < 0)
log_notice("/etc/udev/udev.conf: failed to set parse resolve_names=%s, ignoring.", resolve_names);
else
*ret_resolve_name_timing = t;
}
return 0;
}
/* Use this function only if you do not have direct access to /proc/self/mountinfo but the caller can open it
* for you. This is the case when /proc is masked or not mounted. Otherwise, use bind_remount_recursive. */
int bind_remount_recursive_with_mountinfo(
const char *prefix,
unsigned long new_flags,
unsigned long flags_mask,
char **blacklist,
FILE *proc_self_mountinfo) {
_cleanup_set_free_free_ Set *done = NULL;
_cleanup_free_ char *cleaned = NULL;
int r;
assert(proc_self_mountinfo);
/* Recursively remount a directory (and all its submounts) read-only or read-write. If the directory is already
* mounted, we reuse the mount and simply mark it MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write
* operation). If it isn't we first make it one. Afterwards we apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to
* all submounts we can access, too. When mounts are stacked on the same mount point we only care for each
* individual "top-level" mount on each point, as we cannot influence/access the underlying mounts anyway. We
* do not have any effect on future submounts that might get propagated, they migt be writable. This includes
* future submounts that have been triggered via autofs.
*
* If the "blacklist" parameter is specified it may contain a list of subtrees to exclude from the
* remount operation. Note that we'll ignore the blacklist for the top-level path. */
cleaned = strdup(prefix);
if (!cleaned)
return -ENOMEM;
path_simplify(cleaned, false);
done = set_new(&path_hash_ops);
if (!done)
return -ENOMEM;
for (;;) {
_cleanup_set_free_free_ Set *todo = NULL;
bool top_autofs = false;
char *x;
unsigned long orig_flags;
todo = set_new(&path_hash_ops);
if (!todo)
return -ENOMEM;
rewind(proc_self_mountinfo);
for (;;) {
_cleanup_free_ char *path = NULL, *p = NULL, *type = NULL;
int k;
k = fscanf(proc_self_mountinfo,
"%*s " /* (1) mount id */
"%*s " /* (2) parent id */
"%*s " /* (3) major:minor */
"%*s " /* (4) root */
"%ms " /* (5) mount point */
"%*s" /* (6) mount options (superblock) */
"%*[^-]" /* (7) optional fields */
"- " /* (8) separator */
"%ms " /* (9) file system type */
"%*s" /* (10) mount source */
"%*s" /* (11) mount options (bind mount) */
"%*[^\n]", /* some rubbish at the end */
&path,
&type);
if (k != 2) {
if (k == EOF)
break;
continue;
}
r = cunescape(path, UNESCAPE_RELAX, &p);
if (r < 0)
return r;
if (!path_startswith(p, cleaned))
continue;
/* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount we shall
* operate on. */
if (!path_equal(cleaned, p)) {
bool blacklisted = false;
char **i;
STRV_FOREACH(i, blacklist) {
if (path_equal(*i, cleaned))
continue;
if (!path_startswith(*i, cleaned))
continue;
if (path_startswith(p, *i)) {
blacklisted = true;
log_debug("Not remounting %s blacklisted by %s, called for %s", p, *i, cleaned);
break;
}
}
if (blacklisted)
continue;
}
/* Let's ignore autofs mounts. If they aren't
* triggered yet, we want to avoid triggering
* them, as we don't make any guarantees for
* future submounts anyway. If they are
* already triggered, then we will find
* another entry for this. */
if (streq(type, "autofs")) {
top_autofs = top_autofs || path_equal(cleaned, p);
continue;
}
if (!set_contains(done, p)) {
r = set_consume(todo, p);
p = NULL;
if (r == -EEXIST)
continue;
if (r < 0)
return r;
}
}
/* If we have no submounts to process anymore and if
* the root is either already done, or an autofs, we
* are done */
if (set_isempty(todo) &&
(top_autofs || set_contains(done, cleaned)))
return 0;
if (!set_contains(done, cleaned) &&
!set_contains(todo, cleaned)) {
/* The prefix directory itself is not yet a mount, make it one. */
if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, NULL) < 0)
return -errno;
orig_flags = 0;
(void) get_mount_flags(cleaned, &orig_flags);
orig_flags &= ~MS_RDONLY;
if (mount(NULL, cleaned, NULL, (orig_flags & ~flags_mask)|MS_BIND|MS_REMOUNT|new_flags, NULL) < 0)
return -errno;
log_debug("Made top-level directory %s a mount point.", prefix);
r = set_put_strdup(done, cleaned);
if (r < 0)
return r;
}
while ((x = set_steal_first(todo))) {
r = set_consume(done, x);
if (IN_SET(r, 0, -EEXIST))
continue;
if (r < 0)
return r;
/* Deal with mount points that are obstructed by a later mount */
r = path_is_mount_point(x, NULL, 0);
if (IN_SET(r, 0, -ENOENT))
continue;
if (IN_SET(r, -EACCES, -EPERM)) {
/* Even if root user invoke this, submounts under private FUSE or NFS mount points
* may not be acceessed. E.g.,
*
* $ bindfs --no-allow-other ~/mnt/mnt ~/mnt/mnt
* $ bindfs --no-allow-other ~/mnt ~/mnt
*
* Then, root user cannot access the mount point ~/mnt/mnt.
* In such cases, the submounts are ignored, as we have no way to manage them. */
log_debug_errno(r, "Failed to determine '%s' is mount point or not, ignoring: %m", x);
continue;
}
if (r < 0)
return r;
/* Try to reuse the original flag set */
orig_flags = 0;
(void) get_mount_flags(x, &orig_flags);
orig_flags &= ~MS_RDONLY;
if (mount(NULL, x, NULL, (orig_flags & ~flags_mask)|MS_BIND|MS_REMOUNT|new_flags, NULL) < 0)
return -errno;
log_debug("Remounted %s read-only.", x);
}
}
static int add_boot(const char *what) {
_cleanup_blkid_free_probe_ blkid_probe b = NULL;
const char *fstype = NULL, *uuid = NULL;
sd_id128_t id, type_id;
int r;
assert(what);
if (!is_efi_boot()) {
log_debug("Not an EFI boot, ignoring /boot.");
return 0;
}
if (in_initrd()) {
log_debug("In initrd, ignoring /boot.");
return 0;
}
if (detect_container() > 0) {
log_debug("In a container, ignoring /boot.");
return 0;
}
/* We create an .automount which is not overridden by the .mount from the fstab generator. */
if (fstab_is_mount_point("/boot")) {
log_debug("/boot specified in fstab, ignoring.");
return 0;
}
if (path_is_busy("/boot")) {
log_debug("/boot already populated, ignoring.");
return 0;
}
r = efi_loader_get_device_part_uuid(&id);
if (r == -ENOENT) {
log_debug("EFI loader partition unknown.");
return 0;
}
if (r < 0) {
log_error_errno(r, "Failed to read ESP partition UUID: %m");
return r;
}
errno = 0;
b = blkid_new_probe_from_filename(what);
if (!b) {
if (errno == 0)
return log_oom();
return log_error_errno(errno, "Failed to allocate prober: %m");
}
blkid_probe_enable_partitions(b, 1);
blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
errno = 0;
r = blkid_do_safeprobe(b);
if (r == -2 || r == 1) /* no result or uncertain */
return 0;
else if (r != 0)
return log_error_errno(errno ?: EIO, "Failed to probe %s: %m", what);
(void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
if (!streq(fstype, "vfat")) {
log_debug("Partition for /boot is not a FAT filesystem, ignoring.");
return 0;
}
r = blkid_probe_lookup_value(b, "PART_ENTRY_UUID", &uuid, NULL);
if (r != 0) {
log_debug_errno(r, "Partition for /boot does not have a UUID, ignoring. %m");
return 0;
}
if (sd_id128_from_string(uuid, &type_id) < 0) {
log_debug("Partition for /boot does not have a valid UUID, ignoring.");
return 0;
}
if (!sd_id128_equal(type_id, id)) {
log_debug("Partition for /boot does not appear to be the partition we are booted from.");
return 0;
}
r = add_automount("boot",
what,
"/boot",
"vfat",
true,
"umask=0077",
"EFI System Partition Automount",
120 * USEC_PER_SEC);
return r;
}
static int device_read_db(sd_device *device) {
_cleanup_free_ char *db = NULL;
char *path;
const char *id, *value;
char key;
size_t db_len;
unsigned i;
int r;
enum {
PRE_KEY,
KEY,
PRE_VALUE,
VALUE,
INVALID_LINE,
} state = PRE_KEY;
assert(device);
if (device->db_loaded || device->sealed)
return 0;
r = device_get_id_filename(device, &id);
if (r < 0)
return r;
path = strjoina("/run/udev/data/", id);
r = read_full_file(path, &db, &db_len);
if (r < 0) {
if (r == -ENOENT)
return 0;
else
return log_debug_errno(r, "sd-device: failed to read db '%s': %m", path);
}
/* devices with a database entry are initialized */
device_set_is_initialized(device);
for (i = 0; i < db_len; i++) {
switch (state) {
case PRE_KEY:
if (!strchr(NEWLINE, db[i])) {
key = db[i];
state = KEY;
}
break;
case KEY:
if (db[i] != ':') {
log_debug("sd-device: ignoring invalid db entry with key '%c'", key);
state = INVALID_LINE;
} else {
db[i] = '\0';
state = PRE_VALUE;
}
break;
case PRE_VALUE:
value = &db[i];
state = VALUE;
break;
case INVALID_LINE:
if (strchr(NEWLINE, db[i]))
state = PRE_KEY;
break;
case VALUE:
if (strchr(NEWLINE, db[i])) {
db[i] = '\0';
r = handle_db_line(device, key, value);
if (r < 0)
log_debug_errno(r, "sd-device: failed to handle db entry '%c:%s': %m", key, value);
state = PRE_KEY;
}
break;
default:
assert_not_reached("invalid state when parsing db");
}
}
device->db_loaded = true;
return 0;
}
int umount_recursive(const char *prefix, int flags) {
int n = 0, r;
bool again;
/* Try to umount everything recursively below a
* directory. Also, take care of stacked mounts, and keep
* unmounting them until they are gone. */
do {
_cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
again = false;
r = 0;
proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
if (!proc_self_mountinfo)
return -errno;
(void) __fsetlocking(proc_self_mountinfo, FSETLOCKING_BYCALLER);
for (;;) {
_cleanup_free_ char *path = NULL, *p = NULL;
int k;
k = fscanf(proc_self_mountinfo,
"%*s " /* (1) mount id */
"%*s " /* (2) parent id */
"%*s " /* (3) major:minor */
"%*s " /* (4) root */
"%ms " /* (5) mount point */
"%*s" /* (6) mount options */
"%*[^-]" /* (7) optional fields */
"- " /* (8) separator */
"%*s " /* (9) file system type */
"%*s" /* (10) mount source */
"%*s" /* (11) mount options 2 */
"%*[^\n]", /* some rubbish at the end */
&path);
if (k != 1) {
if (k == EOF)
break;
continue;
}
k = cunescape(path, UNESCAPE_RELAX, &p);
if (k < 0)
return k;
if (!path_startswith(p, prefix))
continue;
if (umount2(p, flags) < 0) {
r = log_debug_errno(errno, "Failed to umount %s: %m", p);
continue;
}
log_debug("Successfully unmounted %s", p);
again = true;
n++;
break;
}
} while (again);
return r < 0 ? r : n;
}
static int device_amend(sd_device *device, const char *key, const char *value) {
int r;
assert(device);
assert(key);
assert(value);
if (streq(key, "DEVPATH")) {
char *path;
path = strjoina("/sys", value);
/* the caller must verify or trust this data (e.g., if it comes from the kernel) */
r = device_set_syspath(device, path, false);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set syspath to '%s': %m", path);
} else if (streq(key, "SUBSYSTEM")) {
r = device_set_subsystem(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set subsystem to '%s': %m", value);
} else if (streq(key, "DEVTYPE")) {
r = device_set_devtype(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set devtype to '%s': %m", value);
} else if (streq(key, "DEVNAME")) {
r = device_set_devname(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set devname to '%s': %m", value);
} else if (streq(key, "USEC_INITIALIZED")) {
r = device_set_usec_initialized(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set usec-initialized to '%s': %m", value);
} else if (streq(key, "DRIVER")) {
r = device_set_driver(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set driver to '%s': %m", value);
} else if (streq(key, "IFINDEX")) {
r = device_set_ifindex(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set ifindex to '%s': %m", value);
} else if (streq(key, "DEVMODE")) {
r = device_set_devmode(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set devmode to '%s': %m", value);
} else if (streq(key, "DEVUID")) {
r = device_set_devuid(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set devuid to '%s': %m", value);
} else if (streq(key, "DEVGID")) {
r = device_set_devgid(device, value);
if (r < 0)
return log_debug_errno(r, "sd-device: could not set devgid to '%s': %m", value);
} else if (streq(key, "DEVLINKS")) {
const char *word, *state;
size_t l;
FOREACH_WORD(word, l, value, state) {
char devlink[l + 1];
strncpy(devlink, word, l);
devlink[l] = '\0';
r = device_add_devlink(device, devlink);
if (r < 0)
return log_debug_errno(r, "sd-device: could not add devlink '%s': %m", devlink);
}
} else if (streq(key, "TAGS")) {
int ima_setup(void) {
#if ENABLE_IMA
_cleanup_fclose_ FILE *input = NULL;
_cleanup_close_ int imafd = -1;
unsigned lineno = 0;
int r;
if (access(IMA_SECFS_DIR, F_OK) < 0) {
log_debug_errno(errno, "IMA support is disabled in the kernel, ignoring: %m");
return 0;
}
if (access(IMA_SECFS_POLICY, W_OK) < 0) {
log_warning_errno(errno, "Another IMA custom policy has already been loaded, ignoring: %m");
return 0;
}
if (access(IMA_POLICY_PATH, F_OK) < 0) {
log_debug_errno(errno, "No IMA custom policy file "IMA_POLICY_PATH", ignoring: %m");
return 0;
}
imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
if (imafd < 0) {
log_error_errno(errno, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY", ignoring: %m");
return 0;
}
/* attempt to write the name of the policy file into sysfs file */
if (write(imafd, IMA_POLICY_PATH, STRLEN(IMA_POLICY_PATH)) > 0)
goto done;
/* fall back to copying the policy line-by-line */
input = fopen(IMA_POLICY_PATH, "re");
if (!input) {
log_warning_errno(errno, "Failed to open the IMA custom policy file "IMA_POLICY_PATH", ignoring: %m");
return 0;
}
safe_close(imafd);
imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
if (imafd < 0) {
log_error_errno(errno, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY", ignoring: %m");
return 0;
}
for (;;) {
_cleanup_free_ char *line = NULL;
size_t len;
r = read_line(input, LONG_LINE_MAX, &line);
if (r < 0)
return log_error_errno(r, "Failed to read the IMA custom policy file "IMA_POLICY_PATH": %m");
if (r == 0)
break;
len = strlen(line);
lineno++;
if (len > 0 && write(imafd, line, len) < 0)
return log_error_errno(errno, "Failed to load the IMA custom policy file "IMA_POLICY_PATH"%u: %m",
lineno);
}
done:
log_info("Successfully loaded the IMA custom policy "IMA_POLICY_PATH".");
#endif /* ENABLE_IMA */
return 0;
}
static int image_make(
const char *pretty,
int dfd,
const char *path,
const char *filename,
const struct stat *st,
Image **ret) {
_cleanup_free_ char *pretty_buffer = NULL;
struct stat stbuf;
bool read_only;
int r;
assert(dfd >= 0 || dfd == AT_FDCWD);
assert(filename);
/* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block
* devices into /var/lib/machines/, and treat them normally.
*
* This function returns -ENOENT if we can't find the image after all, and -EMEDIUMTYPE if it's not a file we
* recognize. */
if (!st) {
if (fstatat(dfd, filename, &stbuf, 0) < 0)
return -errno;
st = &stbuf;
}
read_only =
(path && path_startswith(path, "/usr")) ||
(faccessat(dfd, filename, W_OK, AT_EACCESS) < 0 && errno == EROFS);
if (S_ISDIR(st->st_mode)) {
_cleanup_close_ int fd = -1;
unsigned file_attr = 0;
if (!ret)
return 0;
if (!pretty) {
r = extract_pretty(filename, NULL, &pretty_buffer);
if (r < 0)
return r;
pretty = pretty_buffer;
}
fd = openat(dfd, filename, O_CLOEXEC|O_NOCTTY|O_DIRECTORY);
if (fd < 0)
return -errno;
/* btrfs subvolumes have inode 256 */
if (st->st_ino == 256) {
r = btrfs_is_filesystem(fd);
if (r < 0)
return r;
if (r) {
BtrfsSubvolInfo info;
/* It's a btrfs subvolume */
r = btrfs_subvol_get_info_fd(fd, 0, &info);
if (r < 0)
return r;
r = image_new(IMAGE_SUBVOLUME,
pretty,
path,
filename,
info.read_only || read_only,
info.otime,
0,
ret);
if (r < 0)
return r;
if (btrfs_quota_scan_ongoing(fd) == 0) {
BtrfsQuotaInfo quota;
r = btrfs_subvol_get_subtree_quota_fd(fd, 0, "a);
if (r >= 0) {
(*ret)->usage = quota.referenced;
(*ret)->usage_exclusive = quota.exclusive;
(*ret)->limit = quota.referenced_max;
(*ret)->limit_exclusive = quota.exclusive_max;
}
}
return 0;
}
}
/* If the IMMUTABLE bit is set, we consider the
* directory read-only. Since the ioctl is not
* supported everywhere we ignore failures. */
(void) read_attr_fd(fd, &file_attr);
/* It's just a normal directory. */
r = image_new(IMAGE_DIRECTORY,
pretty,
path,
filename,
read_only || (file_attr & FS_IMMUTABLE_FL),
0,
0,
ret);
if (r < 0)
return r;
return 0;
} else if (S_ISREG(st->st_mode) && endswith(filename, ".raw")) {
usec_t crtime = 0;
/* It's a RAW disk image */
if (!ret)
return 0;
(void) fd_getcrtime_at(dfd, filename, &crtime, 0);
if (!pretty) {
r = extract_pretty(filename, ".raw", &pretty_buffer);
if (r < 0)
return r;
pretty = pretty_buffer;
}
r = image_new(IMAGE_RAW,
pretty,
path,
filename,
!(st->st_mode & 0222) || read_only,
crtime,
timespec_load(&st->st_mtim),
ret);
if (r < 0)
return r;
(*ret)->usage = (*ret)->usage_exclusive = st->st_blocks * 512;
(*ret)->limit = (*ret)->limit_exclusive = st->st_size;
return 0;
} else if (S_ISBLK(st->st_mode)) {
_cleanup_close_ int block_fd = -1;
uint64_t size = UINT64_MAX;
/* A block device */
if (!ret)
return 0;
if (!pretty) {
r = extract_pretty(filename, NULL, &pretty_buffer);
if (r < 0)
return r;
pretty = pretty_buffer;
}
block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY);
if (block_fd < 0)
log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path, filename);
else {
/* Refresh stat data after opening the node */
if (fstat(block_fd, &stbuf) < 0)
return -errno;
st = &stbuf;
if (!S_ISBLK(st->st_mode)) /* Verify that what we opened is actually what we think it is */
return -ENOTTY;
if (!read_only) {
int state = 0;
if (ioctl(block_fd, BLKROGET, &state) < 0)
log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path, filename);
else if (state)
read_only = true;
}
if (ioctl(block_fd, BLKGETSIZE64, &size) < 0)
log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path, filename);
block_fd = safe_close(block_fd);
}
r = image_new(IMAGE_BLOCK,
pretty,
path,
filename,
!(st->st_mode & 0222) || read_only,
0,
0,
ret);
if (r < 0)
return r;
if (size != 0 && size != UINT64_MAX)
(*ret)->usage = (*ret)->usage_exclusive = (*ret)->limit = (*ret)->limit_exclusive = size;
return 0;
}
return -EMEDIUMTYPE;
}
static int builtin_blkid(struct udev_device *dev, int argc, char *argv[], bool test) {
const char *root_partition;
int64_t offset = 0;
bool noraid = false;
_cleanup_close_ int fd = -1;
blkid_probe pr;
const char *data;
const char *name;
const char *prtype = NULL;
int nvals;
int i;
int err = 0;
bool is_gpt = false;
static const struct option options[] = {
{ "offset", optional_argument, NULL, 'o' },
{ "noraid", no_argument, NULL, 'R' },
{}
};
for (;;) {
int option;
option = getopt_long(argc, argv, "oR", options, NULL);
if (option == -1)
break;
switch (option) {
case 'o':
offset = strtoull(optarg, NULL, 0);
break;
case 'R':
noraid = true;
break;
}
}
pr = blkid_new_probe();
if (!pr)
return EXIT_FAILURE;
blkid_probe_set_superblocks_flags(pr,
BLKID_SUBLKS_LABEL | BLKID_SUBLKS_UUID |
BLKID_SUBLKS_TYPE | BLKID_SUBLKS_SECTYPE |
BLKID_SUBLKS_USAGE | BLKID_SUBLKS_VERSION |
BLKID_SUBLKS_BADCSUM);
if (noraid)
blkid_probe_filter_superblocks_usage(pr, BLKID_FLTR_NOTIN, BLKID_USAGE_RAID);
fd = open(udev_device_get_devnode(dev), O_RDONLY|O_CLOEXEC);
if (fd < 0) {
err = log_debug_errno(errno, "Failure opening block device %s: %m", udev_device_get_devnode(dev));
goto out;
}
err = blkid_probe_set_device(pr, fd, offset, 0);
if (err < 0)
goto out;
log_debug("probe %s %sraid offset=%"PRIi64,
udev_device_get_devnode(dev),
noraid ? "no" : "", offset);
err = probe_superblocks(pr);
if (err < 0)
goto out;
if (blkid_probe_has_value(pr, "SBBADCSUM")) {
if (!blkid_probe_lookup_value(pr, "TYPE", &prtype, NULL))
log_warning("incorrect %s checksum on %s",
prtype, udev_device_get_devnode(dev));
else
log_warning("incorrect checksum on %s",
udev_device_get_devnode(dev));
goto out;
}
/* If we are a partition then our parent passed on the root
* partition UUID to us */
root_partition = udev_device_get_property_value(dev, "ID_PART_GPT_AUTO_ROOT_UUID");
nvals = blkid_probe_numof_values(pr);
for (i = 0; i < nvals; i++) {
if (blkid_probe_get_value(pr, i, &name, &data, NULL))
continue;
print_property(dev, test, name, data);
/* Is this a disk with GPT partition table? */
if (streq(name, "PTTYPE") && streq(data, "gpt"))
is_gpt = true;
/* Is this a partition that matches the root partition
* property we inherited from our parent? */
if (root_partition && streq(name, "PART_ENTRY_UUID") && streq(data, root_partition))
udev_builtin_add_property(dev, test, "ID_PART_GPT_AUTO_ROOT", "1");
}
if (is_gpt)
find_gpt_root(dev, pr, test);
blkid_free_probe(pr);
out:
if (err < 0)
return EXIT_FAILURE;
return EXIT_SUCCESS;
}
